With the Identity Authority Manager – Industrial (IdAM), says the company, it is possible to integrate PKI functions for issuing and managing digital identities directly at the point of production. With the IdAM, digital identities can be issued during production – for example, in the form of X.509 certificates.
“Identity Authority Manager – Industrial provides an innovative mechanism for trusted digital identities, issuing ‘birth certificates’ or other identities during the production process,” says Tomas Gustavsson, CTO at PrimeKey. “This approach will become an integral part of IIoT and Smart Factory.”
“For the first time,” says Gustavsson, “it is possible to implement a trustworthy product strategy based on an intelligent and secure supply chain. Smart devices in production with the appropriate certificates and identities are now able to check software updates and licenses for integrity and authenticity. Manufacturers of a product and transmitters of software can be clearly identified, which puts a stop to product plagiarism.”
The solution is designed to make secure certificate issuance in Industrial Internet of Things (IIoT) a reality. In a networked production environment, each component has to “know and trust” each other, and “identify” themselves with their digital identity. The innovation, says the company, is now to move the Registration Authority (RA) functionality of a PKI directly to the point of production rather than before or after, as has been the case until now.
With the solution, an identity registration point is installed at the point of production. The IPC-based appliance addresses the need to secure the entire product lifecycle, says the company, and the demand for this – particularly in IoT industries within the automotive, energy, health, and automation sectors – exists and is constantly growing.
Key features of the solution include:
- PKI registration function for smart production – During production, a component first asks the Identity Authority Manager for the certificate. This validates the digital identity of the components. It uses a random generator to generate the keys and Certificate Signing Requests (CSR) and transmits the CSR to the Certification Authority (CA) of the PKI. Finally, the certificate is implemented in the component.
- The secured separation between OT and IT – The Identity Authority Manager strictly separates Operational Technology (OT) from IT. Any cyberattack cannot, therefore, jump from the office network to the production network.
- Future-proof thanks to open interfaces – The IdAM also supports all known cryptographic algorithms and offers three external main interfaces for device adapters and trusted service adapters as well as to the sequence controller. Thus, identity verification can be flexibly modeled and adapted in a trustworthy way to the production process.
An introduction and initial look into the technology will be available in two webinars: “Securing Industry 4.0 – Introducing the first industrial PKI solution to secure smart supply chains” and “What’s inside the PrimeKey Identity Authority Manager – a techie’s dream.”
Protecting IoT devices from cyberattacks: A critical missing piece
Icon Labs: Why PKI matters for the IIOT
Digital certificate auto-provisioning for IoT devices
Certificate authority solution for IoT manufacturers